In our last article, we discussed the value and contribution of the risk register, and how it played into the offering of a pre-populated, fully-integrated enterprise risk management (ERM) solution. We noted that three attributes of a GRC platform (Process, Product, and Content) are essential to delivering the critical services, tools, and capabilities that companies[…]
Subconsciously, we all manage risk throughout our daily lives. We pack an umbrella in case it rains, (unless we live in the Pacific Northwest where that’s considered unnecessary). We check our car tire pressure and fluid levels before a long road trip. We bring along water for a summer hike, and so on. You can[…]
There’s a lingering belief that these are IT management concerns. That lingering belief is founded upon a “perceived reality” of a business operating in an environment where IT was little more than a contributing discipline to complete tasks and deliver efficiency. It made some narrow sense in a world free of cyber anything, pre-internet, where[…]
Almost every blog entry listed here makes some reference to a Governance, Risk, and Compliance (GRC) software tool and how it can help you manage cyber risk. But what if you don’t have one of these? What about spreadsheets? Or home grown database tools you made yourself and are certain are “good enough”? And suppose[…]
Third Party Risk Management (TPRM) is more than just management of a group or category of business relationships. It is a program unto itself with its own unique characteristics and methods. Too often, TPRM is viewed and undertaken as a procurement process subset. That can lead to a collection of discrete transactions managed on a[…]
The modern battlefield has a new extension—cyberspace! And the modern battlefield is no longer confined to simple geographies of land masses, airspace, oceans, valleys and mountains. Better (more destructive) bombs, missiles, rockets, guns, and fighter aircraft, weren’t enough for us feisty humans. Just as the global economy has blurred once sharply defined geographical and economic[…]
Thirty-five years ago, my first article was published in a professional journal. It was the outgrowth of a talk I gave at a business conference on the use of computer generated graphical information reporting. In 1987 those technologies were in their infancy. Computerized business graphics, pie, line, and bar charts, generated using desktop systems and[…]
As we enter another year of challenges to business, to cyber-survival, and to living in a time where past norms of operation seem more historical than current, one is left to question what is important, and within that set, what is feasible now? There are many voices aloft across social media channels, news channels, thought[…]
Over the years I’ve written about many possible cyber risks, their potential impacts upon companies, their stakeholders, clients, and associates. We’ve talked about third party risk (TPRM) and associated measures to be taken to protect, detect, remediate, and respond. Well, recently one of these events struck home, literally, and the scenario, as described to me[…]
December brings more to our days than images of bright lights, holiday cheer, family gatherings, and for some, maybe a sprinkling of snow. In our work-realm of business and cyber risk management, it’s a time for reflection, refinement, and preparation for the year to come. Unless your business is retail or related, and you’re panting[…]